remove unneeded network policies from apps

Signed-off-by: gwg313 <gwg313@pm.me>
2026-06-05 23:31:00 +00:00 · 2026-05-17 22:58:17 -04:00 · 2026-05-17 22:58:17 -04:00 · 322ba29302
commit 322ba29302
parent 90d5ce565a
2 changed files with 0 additions and 81 deletions
--- a/apps/forgejo/network-policy.yaml
+++ b/apps/forgejo/network-policy.yaml
@ -1,18 +1,4 @@
 # ----------------------------------------------------
-# Default deny (namespace baseline)
-# ----------------------------------------------------
-apiVersion: cilium.io/v2
-kind: CiliumNetworkPolicy
-metadata:
-  name: default-deny
-  namespace: forgejo
-spec:
-  endpointSelector: {}
-  ingress: []
-  egress: []
-
---
-# ----------------------------------------------------
 # Ingress only from Gateway API
 # ----------------------------------------------------
 apiVersion: cilium.io/v2
@ -32,33 +18,6 @@ spec:
        - ports:
            - port: "3000"
              protocol: TCP
-
---
-# ----------------------------------------------------
-# DNS (cluster DNS only)
-# ----------------------------------------------------
-apiVersion: cilium.io/v2
-kind: CiliumNetworkPolicy
-metadata:
-  name: allow-dns
-  namespace: forgejo
-spec:
-  endpointSelector:
-    matchLabels:
-      app: forgejo
-  egress:
-    - toEndpoints:
-        - matchLabels:
-            k8s:io.kubernetes.pod.namespace: kube-system
-            k8s-app: kube-dns
-      toPorts:
-        - ports:
-            - port: "53"
-              protocol: ANY
-          rules:
-            dns:
-              - matchPattern: "*"
-
 # ---
 # # ----------------------------------------------------
 # # CI runner access (in-cluster service)
--- a/apps/navidrome/network-policy.yaml
+++ b/apps/navidrome/network-policy.yaml
@ -1,18 +1,4 @@
 # ----------------------------------------------------
-# Default deny (namespace baseline)
-# ----------------------------------------------------
-apiVersion: cilium.io/v2
-kind: CiliumNetworkPolicy
-metadata:
-  name: default-deny
-  namespace: navidrome
-spec:
-  endpointSelector: {}
-  ingress: []
-  egress: []
-
---
-# ----------------------------------------------------
 # Ingress only from Gateway API
 # ----------------------------------------------------
 apiVersion: cilium.io/v2
@ -33,32 +19,6 @@ spec:
            - port: "4533"
              protocol: TCP

---
-# ----------------------------------------------------
-# DNS (required)
-# ----------------------------------------------------
-apiVersion: cilium.io/v2
-kind: CiliumNetworkPolicy
-metadata:
-  name: allow-dns
-  namespace: navidrome
-spec:
-  endpointSelector:
-    matchLabels:
-      app: navidrome
-  egress:
-    - toEndpoints:
-        - matchLabels:
-            k8s:io.kubernetes.pod.namespace: kube-system
-            k8s-app: kube-dns
-      toPorts:
-        - ports:
-            - port: "53"
-              protocol: ANY
-          rules:
-            dns:
-              - matchPattern: "*"
-
 ---
 # ----------------------------------------------------
 # Spotify API access (album art, metadata)